Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2023-25912

Disclosure Date: June 11, 2023 (last updated August 06, 2024)
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-25911

Disclosure Date: June 11, 2023 (last updated January 18, 2025)
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-22586

Disclosure Date: June 11, 2023 (last updated October 08, 2023)
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-22585

Disclosure Date: June 11, 2023 (last updated October 08, 2023)
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-22584

Disclosure Date: June 11, 2023 (last updated October 08, 2023)
The Danfoss AK-EM100 stores login credentials in cleartext.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-22583

Disclosure Date: June 11, 2023 (last updated October 08, 2023)
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-22582

Disclosure Date: June 11, 2023 (last updated October 08, 2023)
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0